Restricted Project Artifacts Accessible to Certain Users
CVE-2024-4811

2.2LOW

Key Information:

Vendor

Octopus Deploy

Status
Octopus Server
Vendor
CVE Published:
25 July 2024

What is CVE-2024-4811?

In affected versions of Octopus Server under certain conditions, a user with specific role assignments can access restricted project artifacts.

Affected Version(s)

Octopus Server Windows 2023.1 < 2023.4.8608

Octopus Server Windows 2024.1 < 2024.1.12759

Octopus Server Windows 2024.2 < 2024.2.9193

References

https://advisories.octopus.com/post/2024/sa2024-05/

CVSS V3.1

Score:
2.2
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.